CloudYali Read-Only Permissions
This page provides a comprehensive list of all the permissions included in the CloudYaliReadOnlyAccess policy. These permissions grant read-only access to numerous AWS services, enabling CloudYali to gather the necessary information for cost analysis, monitoring, and cloud optimization without modifying your cloud resources.
The following permissions are included in the CloudYaliReadOnlyAccess policy, which is created through the provided CloudFormation script:
Permissions Overview
The CloudYaliReadOnlyAccess policy includes Get*, List*, and Describe* actions across a wide range of AWS services. These permissions allow CloudYali to access cloud resource information in a secure, read-only manner. Below is a detailed list of permissions included in the policy:
List of Permissions
| Service | Permissions |
|---|---|
| a4b | Get*, List* |
| accessanalyzer | List* |
| acm | Describe*, Get*, List* |
| acm-pca | List* |
| airflow | Get*, List* |
| amplify | Get*, List* |
| apigateway | Get* |
| appflow | Describe*, List* |
| application-autoscaling | Describe* |
| applicationinsights | Describe*, List* |
| appmesh | Describe*, List* |
| apprunner | Describe*, List* |
| appstream | Describe*, Get*, List* |
| appsync | Get*, List* |
| aps | Describe*, Get*, List* |
| athena | Batch*, Get*, List* |
| autoscaling-plans | Describe* |
| autoscaling | Describe* |
| auditmanager | Get* |
| backup | Describe*, Get*, List* |
| batch | Describe*, List* |
| braket | Get* |
| budgets | Describe* |
| ce | Describe*, Get*, List* |
| chatbot | Describe*, Get* |
| chime | Get*, List* |
| cloud9 | Describe*, List* |
| clouddirectory | Get*, List* |
| cloudformation | Describe*, Get*, List* |
| cloudfront | Get*, List* |
| cloudhsm | Describe*, Get*, List* |
| cloudsearch | Describe*, List* |
| cloudtrail | Describe*, Get*, List*, LookupEvents |
| cloudwatch | Describe*, Get*, List* |
| codeartifact | Describe*, Get*, List* |
| codebuild | BatchGet*, List* |
| codecommit | BatchGet*, Get*, List* |
| codedeploy | BatchGet*, Get*, List* |
| codeguru-profiler | Describe*, Get*, List* |
| codeguru-reviewer | Describe*, Get*, List* |
| codepipeline | Get*, List* |
| cloudshell | Get* |
| codestar | Describe*, Get*, List* |
| codestar-notifications | List* |
| cognito-identity | Describe*, List*, Lookup* |
| cognito-sync | Describe*, Get*, List*, QueryRecords |
| cognito-idp | AdminGet*, AdminList*, Describe*, Get*, List* |
| comprehend | Describe*, List* |
| comprehendmedical | Describe*, List* |
| compute-optimizer | Describe*, Get* |
| config | Describe*, Get*, List* |
| connect | Describe*, Get*, List* |
| dataexchange | List* |
| datapipeline | Describe*, Get*, List* |
| datasync | Describe*, List* |
| dax | Describe*, Get*, List* |
| deepcomposer | Get*, List* |
| detective | Get*, List* |
| devicefarm | Get*, List* |
(The list continues based on the CloudFormation template. Refer to the full CloudFormation script for additional permissions included.)
Summary
The CloudYaliReadOnlyAccess policy includes an extensive list of permissions, all of which are read-only. These permissions allow CloudYali to gather necessary data for cost analysis, cloud monitoring, and resource optimization while ensuring that no modifications are made to your AWS environment.
For more details on how these permissions are utilized, please refer to the IAM Permissions Overview.
© 2024 CloudYali. All rights reserved.